Talos Rules 2016-02-18
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-firefox, browser-ie, browser-plugins, browser-webkit, exploit-kit, file-executable, file-flash, file-java, file-office, file-other, file-pdf, indicator-obfuscation, malware-cnc, netbios, os-windows, policy-other, protocol-dns, server-apache and sql rule sets to provide coverage for emerging threats from these technologies.

Change logs

2016-02-18 18:29:28 UTC

Snort Subscriber Rules Update

Date: 2016-02-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:37700 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37702 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37706 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37732 <-> DISABLED <-> POLICY-OTHER eicar test string download attempt (policy-other.rules)
 * 1:37715 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll DOS attempt (browser-ie.rules)
 * 1:37714 <-> DISABLED <-> BROWSER-PLUGINS Unitronics VisiLogic TeeChart Pro ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37719 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
 * 1:37721 <-> DISABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
 * 1:37724 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer form selection reset attempt (browser-ie.rules)
 * 1:37722 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
 * 1:37725 <-> DISABLED <-> SERVER-OTHER CA message queuing server buffer overflow attempt (server-other.rules)
 * 1:37729 <-> DISABLED <-> INDICATOR-OBFUSCATION Adobe Flash file with SecureSwfLoader packer detected (indicator-obfuscation.rules)
 * 1:37731 <-> DISABLED <-> PROTOCOL-DNS glibc getaddrinfo AAAA record stack buffer overflow attempt (protocol-dns.rules)
 * 1:37734 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
 * 1:37733 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex dropper variant outbound connection (malware-cnc.rules)
 * 1:37735 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
 * 1:37736 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
 * 1:37737 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
 * 1:37711 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:37739 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt (file-flash.rules)
 * 1:37738 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt (file-flash.rules)
 * 1:37740 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt (file-flash.rules)
 * 1:37741 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt (file-flash.rules)
 * 1:37694 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules)
 * 1:37730 <-> DISABLED <-> PROTOCOL-DNS glibc getaddrinfo A record stack buffer overflow attempt (protocol-dns.rules)
 * 1:37728 <-> DISABLED <-> INDICATOR-OBFUSCATION SWF with large binary blob (indicator-obfuscation.rules)
 * 1:37727 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
 * 1:37726 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
 * 1:37723 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
 * 1:37720 <-> DISABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
 * 1:37718 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
 * 1:37717 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
 * 1:37716 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll DOS attempt (browser-ie.rules)
 * 1:37713 <-> DISABLED <-> BROWSER-PLUGINS Unitronics VisiLogic TeeChart Pro ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37712 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta buffer overflow attempt (file-pdf.rules)
 * 1:37709 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:37710 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:37708 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:37707 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37705 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37691 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:37689 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:37690 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid object reference code execution attempt (file-flash.rules)
 * 1:37701 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37693 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules)
 * 1:37688 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:37698 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules)
 * 1:37696 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:37692 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:37699 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:37695 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:37704 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37703 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37697 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules)

Modified Rules:


 * 1:37645 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:36771 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit viewforum uri request attempt (exploit-kit.rules)
 * 1:37629 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:36819 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:22102 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
 * 1:36128 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:21429 <-> DISABLED <-> FILE-PDF Possible unknown malicious PDF (file-pdf.rules)
 * 1:22101 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
 * 1:21077 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX function call (browser-plugins.rules)
 * 1:20634 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll DOS attempt (browser-ie.rules)
 * 1:20264 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer form selection reset attempt (browser-ie.rules)
 * 1:20247 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:19152 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro HouseCall ActiveX function call access (browser-plugins.rules)
 * 1:18706 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed second pfragments field (file-office.rules)
 * 1:19151 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro HouseCall ActiveX clsid access (browser-plugins.rules)
 * 1:18704 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed second pfragments field (file-office.rules)
 * 1:18702 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
 * 1:18703 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
 * 1:15478 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid object reference code execution attempt (file-flash.rules)
 * 1:17526 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta buffer overflow attempt (file-pdf.rules)
 * 1:15194 <-> DISABLED <-> BROWSER-PLUGINS SizerOne ActiveX function call access (browser-plugins.rules)
 * 1:12197 <-> DISABLED <-> SERVER-OTHER CA message queuing server buffer overflow attempt (server-other.rules)
 * 1:13287 <-> DISABLED <-> OS-WINDOWS Windows remote kernel tcp/ip igmp vulnerability exploit attempt (os-windows.rules)
 * 1:36126 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:36119 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36124 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:36116 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36118 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
 * 1:35541 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftagent SQL injection attempt (server-other.rules)
 * 1:35539 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2219 access attempt (policy-other.rules)
 * 1:35540 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftagent SQL injection attempt (server-other.rules)
 * 1:35454 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:35452 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:35453 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:35449 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:35451 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:34390 <-> ENABLED <-> FILE-OTHER Microsoft Journal out of bounds read attempt (file-other.rules)
 * 1:35266 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:32862 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:34389 <-> ENABLED <-> FILE-OTHER Microsoft Journal out of bounds read attempt (file-other.rules)
 * 1:32861 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:32859 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:32860 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:32857 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:32360 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules)
 * 1:32730 <-> ENABLED <-> FILE-OTHER Microsoft Windows XP .theme file remote code execution attempt (file-other.rules)
 * 1:32353 <-> DISABLED <-> SQL Drupal 7 pre auth SQL injection attempt (sql.rules)
 * 1:31926 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:31687 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:30755 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:31686 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:30328 <-> DISABLED <-> INDICATOR-OBFUSCATION multiple binary tags in close proximity - potentially malicious (indicator-obfuscation.rules)
 * 1:30327 <-> DISABLED <-> INDICATOR-OBFUSCATION multiple binary tags in close proximity - potentially malicious (indicator-obfuscation.rules)
 * 1:30166 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via malicious toolbar and author attempt (file-office.rules)
 * 1:30165 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via malicious toolbar and author attempt (file-office.rules)
 * 1:30163 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via malicious MSComctlLib object attempt (file-office.rules)
 * 1:30164 <-> DISABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via malicious MSComctlLib xls object attempt (file-office.rules)
 * 1:30161 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via malicious MSComctlLib object attempt (file-office.rules)
 * 1:30162 <-> DISABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via malicious MSComctlLib xls object attempt (file-office.rules)
 * 1:30159 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:30160 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:30157 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:30158 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:30155 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:30156 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:30154 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:28626 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta buffer overflow attempt (file-pdf.rules)
 * 1:36821 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:27822 <-> ENABLED <-> FILE-OTHER Microsoft Windows XP .theme file remote code execution attempt (file-other.rules)
 * 1:36822 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:37626 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDL fragment privilege escalation attempt (browser-firefox.rules)
 * 1:37631 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:37630 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:37632 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:37633 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTextElement use after free attempt (browser-ie.rules)
 * 1:37650 <-> DISABLED <-> FILE-OTHER CA BrightStor stack buffer overflow attempt (file-other.rules)
 * 1:8375 <-> DISABLED <-> BROWSER-PLUGINS QuickTime Object ActiveX clsid access (browser-plugins.rules)
 * 1:9806 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc GetGroupStatus overflow attempt (netbios.rules)
 * 1:28887 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules)
 * 1:28888 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules)
 * 1:28889 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules)
 * 1:28890 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules)
 * 1:29213 <-> ENABLED <-> INDICATOR-OBFUSCATION potential math library debugging (indicator-obfuscation.rules)
 * 1:29394 <-> DISABLED <-> BROWSER-WEBKIT Apple WebKit QuickTime plugin content-type http header buffer overflow attempt (browser-webkit.rules)
 * 1:29622 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules)
 * 1:29749 <-> DISABLED <-> BROWSER-PLUGINS SizerOne 2 ActiveX clsid access (browser-plugins.rules)
 * 1:29859 <-> ENABLED <-> SERVER-APACHE Apache Struts allowStaticMethodAccess invocation attempt (server-apache.rules)
 * 1:30153 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:30754 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:16510 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Tabular Control ActiveX overflow by CLSID (browser-plugins.rules)
 * 1:31927 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:18705 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed second pfragments field (file-office.rules)
 * 1:32858 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:20262 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll DOS attempt (browser-ie.rules)
 * 1:32863 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:21453 <-> DISABLED <-> FILE-PDF Possible unknown malicious PDF (file-pdf.rules)
 * 1:35450 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:23517 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader libtiff TIFFFetchShortPair stack buffer overflow attempt (file-pdf.rules)
 * 1:26592 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit libxslt arbitrary file creation attempt (browser-webkit.rules)
 * 1:25475 <-> DISABLED <-> FILE-PDF JavaScript contained in an xml template embedded in a pdf attempt (file-pdf.rules)
 * 1:23523 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules)
 * 1:25393 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
 * 1:23521 <-> DISABLED <-> FILE-PDF Possible unknown malicious PDF (file-pdf.rules)
 * 1:35538 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2060 access attempt (policy-other.rules)
 * 1:36129 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:36117 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36820 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:23518 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader libtiff TIFFFetchShortPair stack buffer overflow attempt (file-pdf.rules)
 * 1:28303 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta buffer overflow attempt (file-pdf.rules)
 * 1:26824 <-> ENABLED <-> SERVER-OTHER Apache Struts allowStaticMethodAccess invocation attempt (server-other.rules)
 * 1:25779 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Authenticode signature verification bypass attempt (file-executable.rules)
 * 1:25832 <-> ENABLED <-> FILE-JAVA Oracle Java JMX class arbitrary code execution attempt (file-java.rules)
 * 1:23612 <-> DISABLED <-> FILE-PDF JavaScript contained in an xml template embedded in a pdf attempt (file-pdf.rules)
 * 1:23611 <-> DISABLED <-> FILE-PDF JavaScript contained in an xml template embedded in a pdf attempt (file-pdf.rules)
 * 1:23522 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malicious TIFF remote code execution attempt (file-pdf.rules)
 * 1:23520 <-> DISABLED <-> FILE-PDF Possible unknown malicious PDF (file-pdf.rules)
 * 1:23524 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules)
 * 1:36127 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:36158 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
 * 3:30901 <-> ENABLED <-> FILE-FLASH known malicious flash actionscript decryption routine (file-flash.rules)

2016-02-18 18:29:27 UTC

Snort Subscriber Rules Update

Date: 2016-02-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:37689 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:37696 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:37693 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules)
 * 1:37700 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37702 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37715 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll DOS attempt (browser-ie.rules)
 * 1:37717 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
 * 1:37716 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll DOS attempt (browser-ie.rules)
 * 1:37719 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
 * 1:37718 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
 * 1:37720 <-> DISABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
 * 1:37721 <-> DISABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
 * 1:37722 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
 * 1:37723 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
 * 1:37724 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer form selection reset attempt (browser-ie.rules)
 * 1:37725 <-> DISABLED <-> SERVER-OTHER CA message queuing server buffer overflow attempt (server-other.rules)
 * 1:37727 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
 * 1:37726 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
 * 1:37728 <-> DISABLED <-> INDICATOR-OBFUSCATION SWF with large binary blob (indicator-obfuscation.rules)
 * 1:37729 <-> DISABLED <-> INDICATOR-OBFUSCATION Adobe Flash file with SecureSwfLoader packer detected (indicator-obfuscation.rules)
 * 1:37730 <-> DISABLED <-> PROTOCOL-DNS glibc getaddrinfo A record stack buffer overflow attempt (protocol-dns.rules)
 * 1:37731 <-> DISABLED <-> PROTOCOL-DNS glibc getaddrinfo AAAA record stack buffer overflow attempt (protocol-dns.rules)
 * 1:37732 <-> DISABLED <-> POLICY-OTHER eicar test string download attempt (policy-other.rules)
 * 1:37734 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
 * 1:37733 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex dropper variant outbound connection (malware-cnc.rules)
 * 1:37735 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
 * 1:37736 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
 * 1:37737 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
 * 1:37738 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt (file-flash.rules)
 * 1:37739 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt (file-flash.rules)
 * 1:37740 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt (file-flash.rules)
 * 1:37741 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt (file-flash.rules)
 * 1:37714 <-> DISABLED <-> BROWSER-PLUGINS Unitronics VisiLogic TeeChart Pro ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37712 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta buffer overflow attempt (file-pdf.rules)
 * 1:37713 <-> DISABLED <-> BROWSER-PLUGINS Unitronics VisiLogic TeeChart Pro ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37710 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:37711 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:37708 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:37709 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:37706 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37707 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37704 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37705 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37703 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37691 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:37697 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules)
 * 1:37692 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:37690 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid object reference code execution attempt (file-flash.rules)
 * 1:37694 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules)
 * 1:37698 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules)
 * 1:37695 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:37688 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:37699 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:37701 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)

Modified Rules:


 * 1:27822 <-> ENABLED <-> FILE-OTHER Microsoft Windows XP .theme file remote code execution attempt (file-other.rules)
 * 1:36158 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
 * 1:36819 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:36820 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:28626 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta buffer overflow attempt (file-pdf.rules)
 * 1:9806 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc GetGroupStatus overflow attempt (netbios.rules)
 * 1:37650 <-> DISABLED <-> FILE-OTHER CA BrightStor stack buffer overflow attempt (file-other.rules)
 * 1:8375 <-> DISABLED <-> BROWSER-PLUGINS QuickTime Object ActiveX clsid access (browser-plugins.rules)
 * 1:37633 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTextElement use after free attempt (browser-ie.rules)
 * 1:37631 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:37632 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:37626 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDL fragment privilege escalation attempt (browser-firefox.rules)
 * 1:37630 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:36822 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:36821 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:36771 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit viewforum uri request attempt (exploit-kit.rules)
 * 1:36129 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:36128 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:28890 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules)
 * 1:29213 <-> ENABLED <-> INDICATOR-OBFUSCATION potential math library debugging (indicator-obfuscation.rules)
 * 1:29394 <-> DISABLED <-> BROWSER-WEBKIT Apple WebKit QuickTime plugin content-type http header buffer overflow attempt (browser-webkit.rules)
 * 1:23517 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader libtiff TIFFFetchShortPair stack buffer overflow attempt (file-pdf.rules)
 * 1:29622 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules)
 * 1:22102 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
 * 1:29749 <-> DISABLED <-> BROWSER-PLUGINS SizerOne 2 ActiveX clsid access (browser-plugins.rules)
 * 1:22101 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
 * 1:21453 <-> DISABLED <-> FILE-PDF Possible unknown malicious PDF (file-pdf.rules)
 * 1:21429 <-> DISABLED <-> FILE-PDF Possible unknown malicious PDF (file-pdf.rules)
 * 1:21077 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX function call (browser-plugins.rules)
 * 1:20634 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll DOS attempt (browser-ie.rules)
 * 1:29859 <-> ENABLED <-> SERVER-APACHE Apache Struts allowStaticMethodAccess invocation attempt (server-apache.rules)
 * 1:20264 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer form selection reset attempt (browser-ie.rules)
 * 1:20262 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll DOS attempt (browser-ie.rules)
 * 1:19152 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro HouseCall ActiveX function call access (browser-plugins.rules)
 * 1:20247 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:30153 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:19151 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro HouseCall ActiveX clsid access (browser-plugins.rules)
 * 1:18706 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed second pfragments field (file-office.rules)
 * 1:30154 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:30155 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:18705 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed second pfragments field (file-office.rules)
 * 1:18704 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed second pfragments field (file-office.rules)
 * 1:18703 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
 * 1:30156 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:18702 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
 * 1:30157 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:30158 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:17526 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta buffer overflow attempt (file-pdf.rules)
 * 1:30159 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:30160 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:16510 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Tabular Control ActiveX overflow by CLSID (browser-plugins.rules)
 * 1:15478 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid object reference code execution attempt (file-flash.rules)
 * 1:15194 <-> DISABLED <-> BROWSER-PLUGINS SizerOne ActiveX function call access (browser-plugins.rules)
 * 1:30161 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via malicious MSComctlLib object attempt (file-office.rules)
 * 1:13287 <-> DISABLED <-> OS-WINDOWS Windows remote kernel tcp/ip igmp vulnerability exploit attempt (os-windows.rules)
 * 1:30162 <-> DISABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via malicious MSComctlLib xls object attempt (file-office.rules)
 * 1:12197 <-> DISABLED <-> SERVER-OTHER CA message queuing server buffer overflow attempt (server-other.rules)
 * 1:30163 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via malicious MSComctlLib object attempt (file-office.rules)
 * 1:30164 <-> DISABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via malicious MSComctlLib xls object attempt (file-office.rules)
 * 1:30165 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via malicious toolbar and author attempt (file-office.rules)
 * 1:30166 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via malicious toolbar and author attempt (file-office.rules)
 * 1:30327 <-> DISABLED <-> INDICATOR-OBFUSCATION multiple binary tags in close proximity - potentially malicious (indicator-obfuscation.rules)
 * 1:30754 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:30328 <-> DISABLED <-> INDICATOR-OBFUSCATION multiple binary tags in close proximity - potentially malicious (indicator-obfuscation.rules)
 * 1:30755 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:31686 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:31687 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:31927 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:31926 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:32353 <-> DISABLED <-> SQL Drupal 7 pre auth SQL injection attempt (sql.rules)
 * 1:32360 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules)
 * 1:32858 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:32730 <-> ENABLED <-> FILE-OTHER Microsoft Windows XP .theme file remote code execution attempt (file-other.rules)
 * 1:32857 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:32859 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:32860 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:37629 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:32861 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:37645 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:32863 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:32862 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:34389 <-> ENABLED <-> FILE-OTHER Microsoft Journal out of bounds read attempt (file-other.rules)
 * 1:34390 <-> ENABLED <-> FILE-OTHER Microsoft Journal out of bounds read attempt (file-other.rules)
 * 1:35266 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:28889 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules)
 * 1:28888 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules)
 * 1:28887 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules)
 * 1:35450 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:35449 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:35451 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:35452 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:35453 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:35454 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:35538 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2060 access attempt (policy-other.rules)
 * 1:35539 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2219 access attempt (policy-other.rules)
 * 1:35540 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftagent SQL injection attempt (server-other.rules)
 * 1:35541 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftagent SQL injection attempt (server-other.rules)
 * 1:36117 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36116 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36118 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36119 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36124 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:36127 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:36126 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:26824 <-> ENABLED <-> SERVER-OTHER Apache Struts allowStaticMethodAccess invocation attempt (server-other.rules)
 * 1:28303 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta buffer overflow attempt (file-pdf.rules)
 * 1:23524 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules)
 * 1:23520 <-> DISABLED <-> FILE-PDF Possible unknown malicious PDF (file-pdf.rules)
 * 1:23522 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malicious TIFF remote code execution attempt (file-pdf.rules)
 * 1:23611 <-> DISABLED <-> FILE-PDF JavaScript contained in an xml template embedded in a pdf attempt (file-pdf.rules)
 * 1:23612 <-> DISABLED <-> FILE-PDF JavaScript contained in an xml template embedded in a pdf attempt (file-pdf.rules)
 * 1:23521 <-> DISABLED <-> FILE-PDF Possible unknown malicious PDF (file-pdf.rules)
 * 1:25393 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
 * 1:23523 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules)
 * 1:25475 <-> DISABLED <-> FILE-PDF JavaScript contained in an xml template embedded in a pdf attempt (file-pdf.rules)
 * 1:26592 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit libxslt arbitrary file creation attempt (browser-webkit.rules)
 * 1:23518 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader libtiff TIFFFetchShortPair stack buffer overflow attempt (file-pdf.rules)
 * 1:25832 <-> ENABLED <-> FILE-JAVA Oracle Java JMX class arbitrary code execution attempt (file-java.rules)
 * 1:25779 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Authenticode signature verification bypass attempt (file-executable.rules)
 * 3:30901 <-> ENABLED <-> FILE-FLASH known malicious flash actionscript decryption routine (file-flash.rules)

2016-02-18 18:29:27 UTC

Snort Subscriber Rules Update

Date: 2016-02-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2980.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:37741 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt (file-flash.rules)
 * 1:37740 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt (file-flash.rules)
 * 1:37739 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt (file-flash.rules)
 * 1:37738 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BlurFilter memory corruption attempt (file-flash.rules)
 * 1:37737 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
 * 1:37736 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
 * 1:37735 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
 * 1:37734 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Point object integer overflow attempt (file-flash.rules)
 * 1:37733 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex dropper variant outbound connection (malware-cnc.rules)
 * 1:37732 <-> DISABLED <-> POLICY-OTHER eicar test string download attempt (policy-other.rules)
 * 1:37731 <-> DISABLED <-> PROTOCOL-DNS glibc getaddrinfo AAAA record stack buffer overflow attempt (protocol-dns.rules)
 * 1:37730 <-> DISABLED <-> PROTOCOL-DNS glibc getaddrinfo A record stack buffer overflow attempt (protocol-dns.rules)
 * 1:37729 <-> DISABLED <-> INDICATOR-OBFUSCATION Adobe Flash file with SecureSwfLoader packer detected (indicator-obfuscation.rules)
 * 1:37728 <-> DISABLED <-> INDICATOR-OBFUSCATION SWF with large binary blob (indicator-obfuscation.rules)
 * 1:37727 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
 * 1:37726 <-> ENABLED <-> FILE-OTHER Microsoft Office ole object external file loading attempt (file-other.rules)
 * 1:37725 <-> DISABLED <-> SERVER-OTHER CA message queuing server buffer overflow attempt (server-other.rules)
 * 1:37724 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer form selection reset attempt (browser-ie.rules)
 * 1:37723 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
 * 1:37722 <-> ENABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
 * 1:37721 <-> DISABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
 * 1:37720 <-> DISABLED <-> FILE-FLASH Adobe Flash Player atomicCompareAndSwapLength integer overflow attempt (file-flash.rules)
 * 1:37719 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
 * 1:37718 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
 * 1:37717 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
 * 1:37716 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll DOS attempt (browser-ie.rules)
 * 1:37715 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll DOS attempt (browser-ie.rules)
 * 1:37714 <-> DISABLED <-> BROWSER-PLUGINS Unitronics VisiLogic TeeChart Pro ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37713 <-> DISABLED <-> BROWSER-PLUGINS Unitronics VisiLogic TeeChart Pro ActiveX clsid access attempt (browser-plugins.rules)
 * 1:37712 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta buffer overflow attempt (file-pdf.rules)
 * 1:37711 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:37710 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:37709 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:37708 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:37707 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37706 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37705 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37704 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37703 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37702 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37701 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37700 <-> ENABLED <-> FILE-OFFICE Microsoft Office ole object external file loading attempt (file-office.rules)
 * 1:37699 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:37698 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules)
 * 1:37697 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules)
 * 1:37696 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:37695 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:37694 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules)
 * 1:37693 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules)
 * 1:37692 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:37691 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:37690 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid object reference code execution attempt (file-flash.rules)
 * 1:37689 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:37688 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)

Modified Rules:


 * 1:30327 <-> DISABLED <-> INDICATOR-OBFUSCATION multiple binary tags in close proximity - potentially malicious (indicator-obfuscation.rules)
 * 1:30166 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via malicious toolbar and author attempt (file-office.rules)
 * 1:30165 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via malicious toolbar and author attempt (file-office.rules)
 * 1:30164 <-> DISABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via malicious MSComctlLib xls object attempt (file-office.rules)
 * 1:30163 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via malicious MSComctlLib object attempt (file-office.rules)
 * 1:30162 <-> DISABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via malicious MSComctlLib xls object attempt (file-office.rules)
 * 1:30161 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via malicious MSComctlLib object attempt (file-office.rules)
 * 1:30160 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:30159 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:30158 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:30157 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:30156 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:30155 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:30154 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:30153 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls stack buffer overflow via MIME HTML document attempt (file-office.rules)
 * 1:29859 <-> ENABLED <-> SERVER-APACHE Apache Struts allowStaticMethodAccess invocation attempt (server-apache.rules)
 * 1:22102 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
 * 1:23517 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader libtiff TIFFFetchShortPair stack buffer overflow attempt (file-pdf.rules)
 * 1:21453 <-> DISABLED <-> FILE-PDF Possible unknown malicious PDF (file-pdf.rules)
 * 1:22101 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
 * 1:21077 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX function call (browser-plugins.rules)
 * 1:21429 <-> DISABLED <-> FILE-PDF Possible unknown malicious PDF (file-pdf.rules)
 * 1:20264 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer form selection reset attempt (browser-ie.rules)
 * 1:20634 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll DOS attempt (browser-ie.rules)
 * 1:20247 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules)
 * 1:20262 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll DOS attempt (browser-ie.rules)
 * 1:19151 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro HouseCall ActiveX clsid access (browser-plugins.rules)
 * 1:19152 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro HouseCall ActiveX function call access (browser-plugins.rules)
 * 1:18705 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed second pfragments field (file-office.rules)
 * 1:18706 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed second pfragments field (file-office.rules)
 * 1:18703 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
 * 1:18704 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed second pfragments field (file-office.rules)
 * 1:17526 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta buffer overflow attempt (file-pdf.rules)
 * 1:18702 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
 * 1:15478 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid object reference code execution attempt (file-flash.rules)
 * 1:16510 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Tabular Control ActiveX overflow by CLSID (browser-plugins.rules)
 * 1:13287 <-> DISABLED <-> OS-WINDOWS Windows remote kernel tcp/ip igmp vulnerability exploit attempt (os-windows.rules)
 * 1:15194 <-> DISABLED <-> BROWSER-PLUGINS SizerOne ActiveX function call access (browser-plugins.rules)
 * 1:12197 <-> DISABLED <-> SERVER-OTHER CA message queuing server buffer overflow attempt (server-other.rules)
 * 1:9806 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc GetGroupStatus overflow attempt (netbios.rules)
 * 1:8375 <-> DISABLED <-> BROWSER-PLUGINS QuickTime Object ActiveX clsid access (browser-plugins.rules)
 * 1:37650 <-> DISABLED <-> FILE-OTHER CA BrightStor stack buffer overflow attempt (file-other.rules)
 * 1:37633 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTextElement use after free attempt (browser-ie.rules)
 * 1:37645 <-> ENABLED <-> FILE-FLASH Adobe Flash copyPixelsToByteArray integer overflow attempt (file-flash.rules)
 * 1:37632 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:37631 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:37630 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:37629 <-> ENABLED <-> FILE-FLASH Adobe Flash Player dangling bytearray pointer code execution attempt (file-flash.rules)
 * 1:37626 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDL fragment privilege escalation attempt (browser-firefox.rules)
 * 1:36822 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:36821 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:36820 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:36819 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:36771 <-> DISABLED <-> EXPLOIT-KIT Angler exploit kit viewforum uri request attempt (exploit-kit.rules)
 * 1:36158 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
 * 1:36129 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:36128 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:36126 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:36127 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:36124 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:36119 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36118 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36117 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36116 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules)
 * 1:35541 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftagent SQL injection attempt (server-other.rules)
 * 1:35540 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftagent SQL injection attempt (server-other.rules)
 * 1:35539 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2219 access attempt (policy-other.rules)
 * 1:35454 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:35538 <-> DISABLED <-> POLICY-OTHER EMC AutoStart ftagent insecure opcode 20 subcode 2060 access attempt (policy-other.rules)
 * 1:35453 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:35452 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:35451 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:35450 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:35449 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AS3 opaqueBackground use-after-free attempt (file-flash.rules)
 * 1:35266 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules)
 * 1:34390 <-> ENABLED <-> FILE-OTHER Microsoft Journal out of bounds read attempt (file-other.rules)
 * 1:34389 <-> ENABLED <-> FILE-OTHER Microsoft Journal out of bounds read attempt (file-other.rules)
 * 1:32863 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:32862 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:32861 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:32860 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:32859 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:32858 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:32857 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:32730 <-> ENABLED <-> FILE-OTHER Microsoft Windows XP .theme file remote code execution attempt (file-other.rules)
 * 1:32360 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules)
 * 1:32353 <-> DISABLED <-> SQL Drupal 7 pre auth SQL injection attempt (sql.rules)
 * 1:31927 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:31926 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
 * 1:31687 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:31686 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules)
 * 1:30755 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:30754 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules)
 * 1:30328 <-> DISABLED <-> INDICATOR-OBFUSCATION multiple binary tags in close proximity - potentially malicious (indicator-obfuscation.rules)
 * 1:29749 <-> DISABLED <-> BROWSER-PLUGINS SizerOne 2 ActiveX clsid access (browser-plugins.rules)
 * 1:29622 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules)
 * 1:29394 <-> DISABLED <-> BROWSER-WEBKIT Apple WebKit QuickTime plugin content-type http header buffer overflow attempt (browser-webkit.rules)
 * 1:29213 <-> ENABLED <-> INDICATOR-OBFUSCATION potential math library debugging (indicator-obfuscation.rules)
 * 1:28890 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules)
 * 1:28889 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules)
 * 1:28888 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules)
 * 1:28887 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules)
 * 1:28626 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta buffer overflow attempt (file-pdf.rules)
 * 1:28303 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta buffer overflow attempt (file-pdf.rules)
 * 1:27822 <-> ENABLED <-> FILE-OTHER Microsoft Windows XP .theme file remote code execution attempt (file-other.rules)
 * 1:26824 <-> ENABLED <-> SERVER-OTHER Apache Struts allowStaticMethodAccess invocation attempt (server-other.rules)
 * 1:26592 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit libxslt arbitrary file creation attempt (browser-webkit.rules)
 * 1:25832 <-> ENABLED <-> FILE-JAVA Oracle Java JMX class arbitrary code execution attempt (file-java.rules)
 * 1:25779 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Authenticode signature verification bypass attempt (file-executable.rules)
 * 1:25475 <-> DISABLED <-> FILE-PDF JavaScript contained in an xml template embedded in a pdf attempt (file-pdf.rules)
 * 1:25393 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
 * 1:23612 <-> DISABLED <-> FILE-PDF JavaScript contained in an xml template embedded in a pdf attempt (file-pdf.rules)
 * 1:23611 <-> DISABLED <-> FILE-PDF JavaScript contained in an xml template embedded in a pdf attempt (file-pdf.rules)
 * 1:23524 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules)
 * 1:23523 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules)
 * 1:23522 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malicious TIFF remote code execution attempt (file-pdf.rules)
 * 1:23521 <-> DISABLED <-> FILE-PDF Possible unknown malicious PDF (file-pdf.rules)
 * 1:23520 <-> DISABLED <-> FILE-PDF Possible unknown malicious PDF (file-pdf.rules)
 * 1:23518 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader libtiff TIFFFetchShortPair stack buffer overflow attempt (file-pdf.rules)
 * 3:30901 <-> ENABLED <-> FILE-FLASH known malicious flash actionscript decryption routine (file-flash.rules)